Security & compliance
Upholding the highest standards to protect your data and ensure trust.
DEVO-2026-0018
Remote Desktop Manager is affected by multiple vulnerabilities.
Affected Products
Change Log
Initial publication - 2026-06-12
Command injection in SSH Elevate Shell
5.2 Medium - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action.
CVE(s)
CVE-2026-12161
Remediation and Workarounds
Upgrade to Devolutions Remote Desktop Manager 2026.2.8.0 or higher.
Improper host validation in social login autofill
2 Low - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain.
CVE(s)
CVE-2026-12162
Remediation and Workarounds
Upgrade to Devolutions Remote Desktop Manager 2026.2.9.0 or higher.